Reolink Rlc-410W Firmware vulnerabilities
88 known vulnerabilities affecting reolink/rlc-410w_firmware.
Total CVEs: 88
CISA KEV: 2 (actively exploited)
Public exploits: 0
Exploited in wild: 2
Severity breakdown: CRITICAL 3, HIGH 81, MEDIUM 4
Vulnerabilities
Page 5 of 5
CVE-2021-44363 | P3 | HIGH | CVSS 7.7 | CWE-20 | v3.0.0.136_20121102 | 2022-01-28
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44365 | P3 | HIGH | CVSS 7.7 | CWE-20 | v3.0.0.136_20121102 | 2022-01-28
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44368 | P3 | HIGH | CVSS 7.7 | CWE-20 | v3.0.0.136_20121102 | 2022-01-28
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-40423 | P3 | HIGH | CVSS 7.5 | CWE-20 | v3.0.0.136_20121102 | 2022-01-28
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-40414 | P3 | HIGH | CVSS 7.1 | CWE-284 | v3.0.0.136_20121102 | 2022-01-28
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement de
nvd
CVE-2021-40415 | P4 | MEDIUM | CVSS 6.5 | CWE-284 | v3.0.0.136_20121102 | 2022-01-28
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the devic
nvd
CVE-2021-40405 | P4 | MEDIUM | CVSS 6.5 | CWE-284 | v3.0.0.136_20121102 | 2022-04-14
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-21199 | P4 | MEDIUM | CVSS 5.9 | CWE-321 | v3.0.0.136_20121102 | 2022-01-28
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd